1. Field of the Invention
The present invention generally relates to computer implemented control facility and support tools, and more particularly, a web based access control facility in a distributed environment.
2. Background Description
In a complex system like a manufacturing environment spread across the globe, it is very difficult to manage and control the access to various subsystems. Current systems have their own access control with no unified approach to the users from other systems and applications. Most of the systems cannot provide cross system inter operability due to the manual process of providing access.
This manual process further cripples the task of tracing and keeping track of users who no longer use the system or who left a position and no longer need the use the system. This is potentially a dangerous security breach if the user is left with access. This problem becomes acute and chronic if the systems are distributed and spread across geographies.
Further in a manual process, delegation of duty, in absence of the representative, can be chaotic and improper. In a manual system delegation can be done by communications such as e-mail or phone call. However, there is an isolated chance of it getting lost, and becoming a block in the system. This can also become a security problem since e-mail or phone calls, as other modes of communication, can be diverted, mischaracterized or tapped.
In traditional prior art access control facilities, the entire authentication is done at one time and for a limited set or domain of users. One of the limitations or handicaps of the prior systems is data centralization and data ownership. One owner or no owner is identified for the data, which severely limits the authentication of data and users. Since only the owner of the data can authenticate users, data ownership is a critical part of a distributed system.
There are automated systems in the prior art that deal with entitlements and access, especially in our webworld. However, they tend to be centralized and targeted to specific applications. An example is U.S. Pat. No. 6,223,292 issued to Dean et al. In this invention users are provided with graduated services provided by a media server. When the media server receives a streaming service request from a user the media server evaluates the user according to service level by analyzing the password. A second invention is U.S. Pat. No. 6,115,821 issued to Newby et al. which provides an access control processor for display of a message related to an authorization status of an information receiver, when the information is provided by a plurality of service providers. Another invention of this type is U.S. Pat. No. 5,890,140 issued to Clark et al. which integrates interactive financial services to allow access to multiple financial products from a single location.
A webentitlement system which is ideally suited for investment research reports and investment advisors and for corporate financial information is U.S. Pat. No. 5,864,871 to Kitain et al. It bases its entitlements on a user identification code and password.